A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-24017	HIGH	8.1	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Mar 10, 2026
CVE-2025-66178	HIGH	7.2	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Mar 10, 2026
CVE-2026-30897	MEDIUM	6.6	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Mar 10, 2026
CVE-2026-24640	MEDIUM	6.6	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Mar 10, 2026
CVE-2026-24641	MEDIUM	6.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Mar 10, 2026

CVE-2024-21758:
Fortinet FortiWeb vulnerability analysis and mitigation

6.7

Related Fortinet FortiWeb vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2024-21758: Fortinet FortiWeb vulnerability analysis and mitigation